Substitute Specification (Marked-Up)

SECURE AND PERSONALIZED BROADCASTING OF AUDIOVISUAL STREAMS 
BY A HYBRID UNICAST/MULTICAST SYSTEM 

Related Applications 

[0001] This is a §371 of International Application No. PCT/FR2004/050613, with an inter- 
national filing date of November 24, 2004 (WO 2005/053299, published June 9, 2005), which is 
based on French Patent Application No. 03/50895, filed November 24, 2003. 

Technical Field 

[0002] This disclosure relates to the area of the broadcasting of digital audiovisual
sequences.


Background 

[0006] It is currently possible to transmit audiovisual programs in digital form via broadcasting
networks of the microwave (Hertzian), cable, satellite type, etc. or via telecommunication
networks of the DSL type (Digital Subscriber Line) or BLA type (Local Radio Loop) or via DAB
networks (Digital Audio Broadcasting) as well as via any wireless telecommunication network of
the GSM (Global System for Mobile), GPRS (General Packet Radio Service), UMTS (Universal Mobile
Telecommunication System), Bluetooth, WiFi types, etc. Moreover, to avoid the pirating of works
broadcast in this manner, these works are frequently encrypted or scrambled by various known
means.
[0007] US 6,295,361 discloses a method and a device that permit a key management node to decide
the process for changing the group key of certain nodes in a multicasting group with the aid of
an indicator inserted into a multicast packet. The management node decides how to insert the
indicator and which nodes are concerned. The new key is then sent and, when all the nodes of the
group have received their key, the management node sends an indicator or also a date from which
all the members of the group are authorized to use the new keys. Thus, a method for managing the
multicast session with the aid of dynamic changing of the group keys is disclosed. The same key
is attributed to all the members of the same group, with the aid of which the data is decrypted.
However, the protection used is the encryption and all the data initially present in the
audiovisual stream remain in the protected stream. Consequently, US '361 does not resolve the
problem of high security and personalization.
[0008] WO 02/11356 A2 discloses a method for managing keys between the client and the server in
a multicast environment. The method is based on establishing a secure channel between the server
and the client using an SSL protocol (Secure Socket Layer) or TLS (Transport Layer Security)
with certain modifications of the order of exchanging of messages to be able to generate a
management key and send the key to the client via the secure channel, from which key the client
generates a future key for the session with the server. The clients of one and the same
multicasting group use the same management key for generating a session key during the
communication session. WO '356 does not correspond to the criteria for the secure transport of
audiovisual data, and the data, even the encrypted data, is integrally present in the protected
data stream.






Summary 

[0009] This invention relates to a process for secure distribution of digital audiovisual
streams according to a standard, normalized or proprietary format including separating an
original stream into two parts, transmitting the parts to addressee equipment, generating a
modified main stream having a format of the original stream and complementary information with
any format including digital information suitable to permit reconstruction of the original
stream, transmitting the modified main stream from a distribution server via separate paths
during distribution, and transmitting the complementary information in an extended, secure
multicasting mode to the addressee equipment from a secure central server passing via at least
one router and at least one switch connecting the addressee equipment to the central server via
at least one access point.

[0010] This invention also relates to a system for the secure distribution of audiovisual 
streams including a device for separating an original video stream into a modified main stream 
and into complementary information, at least one multimedia server containing the audiovisual 
streams, at least one secure central server including a device for securing and personalizing the 
complementary information from which the complementary information is distributed, at least 
one telecommunication network, at least one router, at least one switch functioning as an access 
point for connection to addressee equipment and a device in the addressee equipment for recon- 
struction of the original audiovisual stream as a function of the modified main stream and the 
complementary information. 

Brief Description of the Drawing 

[0011] The drawing is a diagram showing in block form selected aspects of a broadcasting
system.
Detailed Description

[0012] This disclosure provides a process and a system that permit the visual and/or auditory 
protecting of an audiovisual sequence stemming from a digital standard, a digital norm or a pro- 
prietary standard, its distribution in a secure manner in multicasting mode via a telecommun- 
ication network, and the reconstituting of its original content on a recomposition module of the 
addressed equipment from a protected digital audiovisual stream. 

[0013] A device is disclosed that is capable of transmitting a set of high-quality audiovisual 
streams in a secure manner via a telecommunication network to a viewing screen and/or to an 
audio output belonging to a terminal or display device such as a television screen, a computer or 
a mobile terminal such as a telephone or PDA (Personal Digital Assistant), or the like while pre- 
serving the audiovisual quality but avoiding any fraudulent use such as the possibility of making 
pirated copies of the broadcast contents. A process is also disclosed as is a client-server system 
that protects the audiovisual contents by separating them into two parts, the second part of which 
is indispensable for reconstitution of the original stream, the latter being restored as a function of 
the recombination of the first part with the second part. 

[0014] The process used for the description of a preferred example separates the audiovisual 
stream into two parts in such a manner that the first part, called "modified main stream," contains 
the quasi totality of the initial information, for example, more than about 99%, and a second part, 
called "complementary information," containing targeted elements of the initial information and 
which is of a very small size compared to the first part. The complementary information con- 
tains data extracted from the original stream, which extracted data is replaced by "decoys" in the 
modified main stream in such a manner as to cause a severe audiovisual degradation while keep- 
ing this main stream protected in conformity with the norm or standard of the original stream. 
[0015] This disclosure provides a system characterized by the multicast broadcasting of
complementary information and in that a processing is carried out in real time on segments
representing entities that are independent as regards the processing, which segments comprise
data for the reconstruction of complete audiovisual information and are secured and personalized
for each user and sent to the equipment of the addressees in real time via a low-bandwidth
network from a central server functioning as access controller for the viewing of the contents.

[0016] The term "multicast" denotes a manner of transmitting from a sender to all the receivers
belonging to the same group of subscribers, in contrast to the term "unicast", which represents a
manner of transmitting from a sender to a single receiver.
[0017] The protection applied to contents distributed by the secure multicasting system is based
on the principle of deleting and replacing certain information present in the original encoded
audiovisual signal by any method, e.g., substitution, modification, permutation or shifting of
the information. The solution includes extracting and permanently preserving in a secure server
the complementary information containing a part of the original audiovisual stream, which part
is indispensable for reconstituting the audiovisual program but has a very small volume relative
to the total volume of the audiovisual program recorded at the user's or received in real time
by this user. The complementary information is transmitted in multicasting mode via the secure
transmitting network at the moment of viewing and/or hearing of the audiovisual program.

[0018] The fact of having removed and substituted by decoys a part of the original data of the
initial audiovisual stream during generation of the modified main stream does not permit
restitution of the original stream from the modified main stream, which is entirely compatible
with the format of the original stream and can therefore be copied and read by a classic reader.
The modified main stream is, however, completely incoherent from the viewpoint of human
audiovisual perception.
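As an added illustration of the separation described in [0014] and [0017]-[0018] (example code written for this page, not code from the patent), the following splits a constructed length-prefixed frame format: the targeted bytes of each frame are extracted into the complementary information and replaced by decoys, so the modified main stream still parses with a classic reader but cannot be restored without the complementary part. The frame layout, the choice of "first bytes of each payload" as targeted elements and the decoy generator are assumptions of the example, not the MPEG-2 syntax of the disclosure.

```python
import struct

# Constructed container for this example (assumption, not the disclosure's format):
# each frame is a 2-byte big-endian payload length, a 1-byte frame type and the payload.
def build_stream(frames):
    """frames: list of (frame_type, payload) -> serialized stream."""
    return b"".join(struct.pack(">HB", len(payload), ftype) + payload
                    for ftype, payload in frames)

def parse_frames(stream):
    """A 'classic reader' ([0018]): checks only the container, not the content."""
    frames, pos = [], 0
    while pos < len(stream):
        length, ftype = struct.unpack_from(">HB", stream, pos)
        pos += 3
        payload = stream[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        frames.append((ftype, payload))
        pos += length
    return frames

def _decoy(frame_index, n):
    # Deterministic, format-valid filler standing in for the extracted bytes.
    return bytes(((frame_index * 131 + 7 * k) ^ 0x5A) & 0xFF for k in range(n))

def separate(stream, n_target=4):
    """Split into (modified main stream, complementary information) ([0014], [0017]).
    The first n_target payload bytes of every frame are the 'targeted elements'."""
    modified, comp = [], []
    for idx, (ftype, payload) in enumerate(parse_frames(stream)):
        n = min(n_target, len(payload))
        # complementary information entry: frame index, byte count, original bytes
        comp.append(struct.pack(">HB", idx, n) + payload[:n])
        modified.append((ftype, _decoy(idx, n) + payload[n:]))
    return build_stream(modified), b"".join(comp)

def parse_complementary(comp):
    """Decode the complementary information of this example into {frame index: bytes}."""
    entries, pos = {}, 0
    while pos < len(comp):
        idx, n = struct.unpack_from(">HB", comp, pos)
        pos += 3
        entries[idx] = comp[pos:pos + n]
        pos += n
    return entries

def reconstruct(modified_main, comp):
    """Recomposition ([0013]): put the extracted bytes back over the decoys."""
    entries = parse_complementary(comp)
    frames = []
    for idx, (ftype, payload) in enumerate(parse_frames(modified_main)):
        orig = entries.get(idx, b"")
        frames.append((ftype, orig + payload[len(orig):]))
    return build_stream(frames)

def sample_stream(n_frames=50, payload_len=200):
    # Constructed 'original' content: a crude coefficient-like pattern per frame.
    return build_stream([(1 if i % 12 == 0 else 2,
                          bytes((i * 37 + k * 11) & 0xFF for k in range(payload_len)))
                         for i in range(n_frames)])

if __name__ == "__main__":
    original = sample_stream()
    main, comp = separate(original)
    print("same size:", len(main) == len(original), "parses:", len(parse_frames(main)))
    print("restored:", reconstruct(main, comp) == original,
          "complementary share: %.1f%%" % (100.0 * len(comp) / len(original)))
```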

[0019] As the original digital stream is separated into two parts, the largest part of the
audiovisual stream, the modified main stream, may therefore be transmitted via a classic
broadcasting network, whereas the lacking part, the complementary information, may be sent on
demand via a narrow-band telecommunication network or via a physical support such as a memory
card, disk, etc. However, the two networks can be combined while keeping the two transmission
paths separate. For reconstitution of the original stream, the complementary information is sent
piece by piece during viewing and/or listening to the audiovisual stream.

[0020] The subject matter of this disclosure is the secure and personalized transmission, after
authentication of the user, of the complementary information in multicasting mode in such a
manner as to prevent it from being copied or from falling entirely into the possession of the
user or of any ill-disposed person.

[0021] Multicast distribution is used in the instances in which a large number of users wish to
access the same content at the same time, which is, e.g., the case for direct broadcasting by
satellite or cable or via any other network that allows several subscribers to be accessed at the
same time. The content stream is transmitted from a server to the clients via a multicasting
channel. The complementary information designated and personalized for each active client
(member of the multicasting group) is broadcast by a separate path from a secure server, also in
multicasting. The user who is interested in a content joins the multicasting group and receives
the complementary information as a function of the user's rights, which thus allows
reconstitution of the original stream and therefore viewing simultaneously with the reception
of the complementary information.

[0022] On the one hand, the benefit of distributing the complementary information in
multicasting mode is that a central server can model its distribution to a very large number of
consumers. On the other hand, the disadvantage of distributing in multicasting is that the same
complementary information is transmitted to all the users in the group and, as a consequence, it
is more difficult to individually control the different consumers.

[0023] From the standpoint of security and content protection, multicasting has the
disadvantages of the "one-to-many" model ("a single sender, several receivers"), which designates
a communication operation from a single sender directed to multiple receivers. This creates the
necessity of working out a protection system for reliable multicasting distribution based on the
following characteristics:

- the solution is complementary to the multicasting distribution protocol "join/leave the
group" that is well known.

- the decision to join/leave the group is performed at the level of the access elements of the
network for access control from a previously established list, where the client receives
permission to join the group but does not have the right at that stage to view the stream
broadcast for the group, which access elements are called "switches."

- users for which a switch refused authorization cannot join the group.

- the central server is responsible for updating the client list and making the decision to
include new identities in the list of encryption keys for the session after a first stage of
authentication with the client desiring to join the group.

- each session key is individual for each client and has its own lifetime, after which it is
considered as a non-valid key and then destroyed by the server.

- the scale of a multicasting group is on the order of several thousand users per group.

- the relation is of the one-to-all type in a single direction. Consequently, the server is
always the emission source and the clients are always the receivers, with the exception of
requests emitted from the receivers to the server via a unicasting return link or, e.g., during
the authentication stage.

[0024] The particularity is that the server broadcasts in multicasting to a large number of
users that can join and leave the group in a dynamic manner. Furthermore, the functionality of
the selective relation ("push relation") is eliminated, that is, the clients of one and the same
group can not communicate with each other and, as a consequence, the model of the multicasting
connection is simplified, as well as the protocol for the management and distribution of keys
for the members of the group.

[0025] Thus, one aspect is a simplified protocol for secure broadcasting of the complementary
information in multicasting, thus completing the existing multicasting broadcast protocols with
a secure broadcasting protocol of the complementary information.

[0026] To this end, the process according to its most general meaning includes secure
distribution of digital audiovisual streams according to a standard, normalized or proprietary
format, in which streams a separation of the stream into two parts is made prior to the
transmission to the addressee's equipment to generate a modified main stream with the format of
the original stream and to generate complementary information with any format comprising the
digital information suitable for permitting the reconstruction of the original stream, wherein
the modified main stream is transmitted from a distribution server via separate paths during the
distribution phase and the complementary information is transmitted in multicasting mode to the
addressee's equipment from a secure central server passing via at least one router and at least
one switch connecting the addressee's equipment to the central server via at least one access
point.
[0027] Authentication between the client and the server is preferably performed in unicast
mode. A session key that is unique by content and by client may be generated by the central
server following this authentication. The complementary information is advantageously
compressed and encrypted prior to being sent to the client.

[0028] Management of a multicasting group may be performed in the connection layer controlling
the distribution of data in multicasting solely for the access point concerned. Managing and
securing the complementary information is preferably performed following a multi-reception of
the requests for authentication by a central server and comprises a compression stage, an
encryption stage and a management stage of the session keys.

[0029] Regeneration of a new session key for the client may be performed as a function of the
decision of the client to prolong the connection, is based on the lifetime of the preceding
session key and is individual for each member of the multicasting group.

[0030] The complementary information may also be secured and personalized for each client and
each multicasting session with the aid of methods of hybrid or symmetric or asymmetric
encryption.
[0031] The system for the secure distribution of audiovisual streams may include the control of
the throughput in the multicasting group, which control is performed as a consequence of the
managing and personalizing of the securing of the complementary information.

[0032] The system preferably comprises a device for separating the original video stream into a
modified main stream and complementary information, at least one multimedia server containing
the protected audiovisual streams, at least one secure central server comprising a device for
securing and personalizing the complementary information from which the complementary
information is distributed, at least one telecommunication network, at least one router, at
least one switch functioning as access point for the connection to the addressee's equipment
and a device in the addressee's equipment for reconstruction of the original audiovisual stream
as a function of the modified main stream and of the complementary information.

[0033] The process and system will be better understood with the aid of the selected exemplary
embodiments and the following detailed stages. A preferred, but non-limiting exemplary
embodiment of the process that responds to the criteria of security and reliability is
illustrated by the client-server system presented in the figure.

[0034] The audiovisual stream in digital form 1 transmitted via link 6 to analysis and
scrambling module 2 is separated into two parts by module 2. Modified main stream 17 is stored
in multimedia server 16 and sent in real time to the client during viewing via a broadband
network, or is stored in advance on the backup device of terminal 14 of the user. Complementary
information 3 is sent to storage and segmentation module 41 of secure central server 4.
[0035] Since the complementary information is sent solely on demand, its distribution in real
time, its securing and its personalizing for each user is realized by virtue of the property of
"scalability in throughput" on the transport networks. The notion of "scalability in throughput"
is defined as the capacity of a network to manage, modify, allocate and adapt the throughput of
the transiting streams as a function of the bandwidth that is available or negotiated and as a
function of network congestion. As a result of the low throughput of the complementary
information transmitted in real time, the process contains a segmentation stage of the
complementary information in module 41, which generates data segments of variable size, with
each segment corresponding to an entire, subjectively coherent audiovisual element such as an
image or a frame, a group of images or GOP ("Group Of Pictures") in an MPEG-2 stream for example.
In another aspect, the segmentation is performed in a single stage after generation of the
complementary information 3 and produces a series of segments designated as a "stream of
complementary information" that remain stored in storage and segmentation module 41. In yet
another aspect, the stream of complementary information is generated in real time.

[0036] The segmentation stage of the complementary information is followed by a stage of
encapsulation of blocks of data and an encryption stage in module 42, preceded by a stage of
compressing their size, in which the blocks remain available on demand by the users. The stream
of complementary information is continuously sent to terminal 14 of the user in the form of
blocks, with a block containing a segment to which access information or "header" was added
comprising data relative to the identity of the user in the case of a classic centralized
network. The header preferably comprises data relative to the mobility of the user (position,
rights, network access points, for example) in the case of a distributed network. The header
advantageously comprises data relative to the encryption keys of the stream of complementary
information. A block is the fundamental unit of communication and is also called UFIC (French
"Unité de Flux d'Information Complémentaire" = "Unit of Stream of Complementary Information").

[0037] When the user "i" wishes to view a sequence, the user connects via equipment 14i and link
13i to a closest access point, switch 12a, that previously gave the user authorization to join
the multicasting group. Switch 12a redirects the request via a link 11 to local router 10a,
which for its part directs the request via link 9a to central router 8, which addresses central
server 4 via link 7. When server 4 thus receives the request of client 14i, central server 4
requires an authentication from the client 14i to make a decision about sending the UFIC's
requested, which are unique as an audiovisual sequence. After the authentication dialog, the
identification of the client 14i by central server 4 as being in its database 5, and the
generation of a unique session key, the stream segmented in module 41 is sent via link 43 to
module 42, compressed and encrypted in the module 42 by the unique session key by heading and by
client. The UFIC's are then transported via link 7, central router 8, link 9a, local router 10a,
link 11a, switch 12a and link 13i to terminal 14i of the user i. Terminal 14i of the user is
advantageously equipped with a smart card 15i on which the decryption of the units of the stream
of complementary information is performed.
[0038] Switch 12a is responsible for security and controls the addresses of the clients in the
access list composed of information relative to the previous sessions with the client (e.g.,
time and duration of connection, anticipated or delayed payment, type of contents viewed), which
assures personalizing of each client session and therefore of the complementary information by
forming UFIC units. One way is the use of a hybrid method such as, e.g., using unicasting for
authentication with the aid of secure keys and multicasting for the broadcasting of the
complementary information.

[0039] First, if the client 14i succeeds in joining the desired multicasting group via switch
12a, it is because the client has a recognized identity and an authorization from the network to
receive packets of complementary information after the authentication stage. However, if no
valid session key was generated by the central server, the client can not use the UFIC's, which
UFIC's are broadcast and encrypted solely with the keys of the other users 14j, 14k, or the
like.

[0040] Second, the client communicates with the server of complementary information 4 in a
point-to-point link in unicasting, and the authentication phase is thus performed to assure that
the client has sufficient rights for receiving the UFIC's and for generating the session key
(via a secure method of exchange of information), and the viewing rights are backed up in a
database for managing rights 5.

[0041] At the end of this second stage, server 4 automatically adds the new key of client 14i
into the list of session keys corresponding to the multicasting group requested.

[0042] Server 4 begins to encrypt the current UFIC with the session key and sends the UFIC with
what is called "a label" that is delivered to the client during the authentication stage. This
label contains the information about a unique association between the encrypted UFIC and each
client. Client 14i receives groups of packets, retains the valid label and decrypts the data
portions with the session key until the lifetime of this session key expires.
[0043] After a period that is sufficiently long to have the right to request a new key and in 
the instance in which the client desires to continue receiving the complementary information of 
the same multicasting group, a new authentication stage recommences. 
[0044] Server 4 advantageously encrypts the UFIC's corresponding to a simultaneous broadcasting
of the same content with the session keys of all authorized clients 14i, 14j, 14k, 14q and
sends the same encrypted UFIC a certain number of times, each time with a different key,
corresponding to the number of clients connected.

[0045] Compression of the units of streams of complementary information is preferably applied
prior to encryption with all the session keys, which reduces the volume of information to be
transported and also increases the security of the encrypted UFIC's by reducing the redundancy,
because many cryptographic analyses exploit redundancy to break the protection. The efficacy of
the compression algorithm is also one of the factors that manages the throughput scalability of
the multicasting group as a function of the number of members per group.

[0046] Each user decrypts the UFIC's received with the aid of that user's own session key.

[0047] The term "transmission cycle of the server" denotes the stage of sending a UFIC in
compressed form, encrypted with all the keys of the members of the group, to the address and the
port number of the multicasting group. An advantage of this technique is that it assures
resistance to pirating due to the fact that multiple encryption of the same content is applied
with different keys for the different addressed equipments. The compression mechanism is applied
to the transmission cycle of the server to avoid traffic that is too high for the groups with a
large number of members (several thousand users). This model is suitable for use with any
lossless compression algorithm of the LZ (Lempel-Ziv) type, e.g., LZW (a variant of LZ by Terry
Welch), LZJH (Lempel-Ziv-Jeff-Heath or V.44 by ITU-T) and the like.
[0048] Periodic renewals of the session keys are made to assure their cryptographic security.
For example, a session key can be valid for a period of two hours, during which the key
deciphers a quantity of UFIC's with a throughput of a dozen kbits/s, equal, e.g., to 2^20 data
blocks, each with a length of 64 bits.
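The transmission cycle of [0042]-[0048], as an added example written for this page rather than code from the patent: per-client session keys with individual lifetimes, the compressed UFIC encrypted once per authorized client, each packet marked with that client's label, the switch forwarding only matching labels to a port, and the client keeping and decrypting only its own packets. The symmetric cipher is a stand-in built from the standard library (an HMAC-SHA256 keystream plus an HMAC tag binding label and ciphertext) and the 4-byte label, 8-byte nonce and packet layout are assumptions of this example, not the disclosure's.

```python
import hashlib
import hmac
import os
import struct
import zlib

LABEL_LEN, NONCE_LEN, TAG_LEN = 4, 8, 32   # constructed packet layout (assumption)

def _keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher (assumption, not the disclosure's algorithm):
    XOR with a keystream derived from the session key and a per-packet nonce."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

class SessionKeyTable:
    """Per-client session keys, each with its own lifetime ([0023], [0029])."""
    def __init__(self):
        self.keys = {}   # label -> (key, expiry time)

    def issue(self, label, now, lifetime):
        # key generated after the unicast authentication stage ([0027], [0040])
        key = os.urandom(32)
        self.keys[label] = (key, now + lifetime)
        return key

    def purge(self, now):
        # keys past their lifetime are non-valid and destroyed by the server ([0023])
        self.keys = {lab: (k, exp) for lab, (k, exp) in self.keys.items() if exp > now}
        return list(self.keys)

def make_ufic(segment):
    # compression before encryption: less volume, less redundancy ([0045])
    return zlib.compress(segment)

def transmission_cycle(table, now, segment):
    """One server cycle ([0047]): the same compressed UFIC sent once per live
    session key, each copy marked with the client's label ([0042], [0044], [0050])."""
    ufic = make_ufic(segment)
    packets = []
    for label in table.purge(now):
        key, _ = table.keys[label]
        nonce = os.urandom(NONCE_LEN)
        body = _keystream_xor(key, nonce, ufic)
        tag = hmac.new(key, label + nonce + body, hashlib.sha256).digest()
        packets.append(label + nonce + body + tag)
    return packets

def switch_forward(packets, port_labels):
    """Last distribution point ([0051]): a port only receives the packets
    carrying the label of the client attached to it."""
    return {port: [p for p in packets if p[:LABEL_LEN] == label]
            for port, label in port_labels.items()}

def client_receive(label, key, packets):
    """Client side ([0042], [0046]): keep own label, check the tag, decrypt, decompress."""
    segments = []
    for p in packets:
        if p[:LABEL_LEN] != label:
            continue
        nonce = p[LABEL_LEN:LABEL_LEN + NONCE_LEN]
        body, tag = p[LABEL_LEN + NONCE_LEN:-TAG_LEN], p[-TAG_LEN:]
        expected = hmac.new(key, label + nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            continue   # another client's key, or a tampered packet: nothing usable
        segments.append(zlib.decompress(_keystream_xor(key, nonce, body)))
    return segments

if __name__ == "__main__":
    table = SessionKeyTable()
    key_i = table.issue(b"C14i", now=0.0, lifetime=7200.0)   # two-hour key ([0048])
    key_j = table.issue(b"C14j", now=0.0, lifetime=3600.0)
    segment = b"constructed complementary segment for one GOP " * 8
    cycle = transmission_cycle(table, 100.0, segment)
    print("packets sent:", len(cycle))
    print("14i restores:", client_receive(b"C14i", key_i, cycle) == [segment])
    print("14j after expiry:", client_receive(b"C14j", key_j,
                                              transmission_cycle(table, 4000.0, segment)))
```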

[0049] An extension of the function of observing messages of the multicasting group
("snooping") with the IGMP (Internet Group Management Protocol) protocol at the last
distribution point 12 is used in the connection layer for access management (authorize or
prohibit) for each client on the streams for which this client has or does not have rights, and
as a consequence optimizes the bandwidth for each client at the client's access point such as,
e.g., a DSLAM (Digital Subscriber Line Access Multiplexer) of a DSL (Digital Subscriber Line)
network. This extension of the observation function thus adds an extended and secure mode of
multicasting transmission. The complementary information is thus transmitted during the
distribution phase in an extended and secure mode of multicasting transmission to the
addressee's equipment from a secure central server passing through at least one router and at
least one switch connecting the addressee's equipment to the central server via at least one
access point. The system keeps the personalization of the UFIC's for each client while reducing
the number of unicasting connections per server, with the exception of moments of
authentication. The system also optimizes the throughput, and therefore the quantity of data to
be transmitted, as a function of the variation of the number of clients per group. Thus, the
access management and the personalization of the complementary information "UFIC" control the
throughput in the multicasting group. The current version of the IGMP protocol allows switches
12 to detect the IGMP messages of the member clients, to send the respective response and to
control the distribution of packets in multicasting up to the port of the client. This function
is completed by a filtering relative to the first control level with a list of addresses of the
MAC (Medium Access Control) connecting layer, which addresses represent the clients authorized
to connect to the multicasting group.

[0050] Furthermore, a marking with a label is added to each compressed and encrypted data 
packet that represents the identity of the client and also provides a second level of control and 
personalization. 

[0051] This identity is used by switch 12 to determine the physical port to which the packets 
are distributed, by sending the client in question only the packets marked with the client's own 
label. 

[0052] The UFIC's may be encrypted with the aid of symmetric encryption algorithms, and the 
encryption key may then be encrypted with a public key of the addressee. This is a hybrid 
authentication mode. The UFIC's may also be encrypted with the aid of asymmetric encryption 
algorithms, and this is a PKI ("Public Key Infrastructure") authentication mode. 

[0053] The process will be illustrated with the aid of a second exemplary example that 
includes a multicasting protocol, a mutual authentication method and a compression method for 
the server, comprising the multicasting protocols used and their extension for the distribution of 
the complementary information. 

[0054] The multicasting transmission system is based on a group management protocol 
(IGMP) that is responsible for the control of joining/leaving the multicasting group. This pro- 
tocol is executed between the client 14i, 14j, 14k and the closest network access point, switch 
12a. A multicasting routing protocol controls the routing of the multicasting traffic from 
switches 12 to all routers 10 of the distribution network. 

[0055] A control processor located in switch 12 observes the IGMP messages sent by clients 
14. The switches capable of managing and emulating IGMP messages also use this information 
for dynamically configuring their own observation filters. 

[0056] This solution optimizes the management of the bandwidth at the level of the 
switches, avoiding an overloading of the LAN's ("Local Area Network"), in particular 
in the instances in which the final user switches frequently from one multicasting group to 
another one, e.g., when changing a television channel. 
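The two control levels at the last distribution point, as an added worked example that is not 
part of the original specification: the IGMP snooping with a MAC allow-list of [0049] and [0054] 
to [0055], and the per-packet client label of [0050] and [0051]. The switch model, the port 
wiring, the MAC addresses, the group address and the client labels are all constructed for the 
example; the class names are hypothetical. 

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    group: str      # multicast group address
    label: str      # client identity label carried by each encrypted packet
    payload: bytes


@dataclass
class AccessSwitch:
    """Last distribution point: snoops IGMP, filters joins by MAC, forwards by label."""
    # First control level: per group, the MAC addresses allowed to join (constructed).
    authorized_macs: dict
    # Physical port -> (MAC address, label) of the client wired to it (constructed).
    ports: dict
    members: dict = field(default_factory=dict)   # group -> set of member ports
    log: list = field(default_factory=list)

    def igmp_join(self, port: int, group: str) -> bool:
        """Handle a snooped IGMP membership report arriving on a client port."""
        mac, _ = self.ports[port]
        if mac not in self.authorized_macs.get(group, set()):
            self.log.append(f"deny join group={group} port={port} mac={mac}")
            return False
        self.members.setdefault(group, set()).add(port)
        self.log.append(f"join group={group} port={port}")
        return True

    def igmp_leave(self, port: int, group: str) -> None:
        """Handle a snooped IGMP leave: stop replicating the group to that port."""
        self.members.get(group, set()).discard(port)
        self.log.append(f"leave group={group} port={port}")

    def forward(self, pkt: Packet) -> list:
        """Second control level: deliver only to member ports whose label matches."""
        out = []
        for port in sorted(self.members.get(pkt.group, ())):
            _, label = self.ports[port]
            if label == pkt.label:
                out.append(port)
        return out


def build_demo_switch() -> AccessSwitch:
    """Constructed example topology: three subscriber ports, one authorized group."""
    return AccessSwitch(
        authorized_macs={"239.10.0.1": {"00:11:22:33:44:01", "00:11:22:33:44:02"}},
        ports={
            1: ("00:11:22:33:44:01", "client-a"),
            2: ("00:11:22:33:44:02", "client-b"),
            3: ("00:11:22:33:44:03", "client-c"),   # not entitled to the group
        },
    )
```

A client that is not on the MAC list never becomes a member of the group, so no group traffic 
is replicated to its port; a member receives only the packets labelled for it, so the packets 
encrypted for other members are not even delivered to its port. The denied join is logged, 
which is the event an operator would watch for repeated unauthorized join attempts. 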

[0057] Routers 10 supporting multicasting routing, and switches 12 for which layer 3 of the 
OSI model is capable of managing the data used for this example, contain a bandwidth control 
with a functionality of limiting throughput in IP multicasting that allows an upper limit to be im- 
posed on the traffic carried from the server to the multicasting groups. The mechanism for 
defining the limits includes the definition of a multicasting source filter and a multicasting group 
receiving filter per reception port. This control filter is based on the IP address or also on the 
MAC address (address of the network card, "Medium Access Control") using, e.g., the MVR 
(Multicast VLAN Registration) mechanism; as a consequence, in order to avoid a fraudulent 
attribution ("spoofing") of the IP network address of the client, a complementary protocol, 
"Unicast Reverse Path Forwarding" (URPF), is applied in unicast between client 14 and 
switch 12. 
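The per-port bandwidth control and the anti-spoofing check of [0057], as an added worked 
example that is not part of the original specification: a multicast source filter and a group 
receiving filter per reception port, an upper throughput limit modelled as a token bucket, and a 
strict unicast reverse-path check on packets coming from the client side. The addresses, 
prefixes, rate and class names are constructed for the example; the text does not specify how the 
limit is enforced, so the token bucket is an assumption. 

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PortPolicy:
    """Per reception port: multicast source filter, group receiving filter, rate cap."""
    allowed_sources: set      # server addresses allowed to source multicast to this port
    allowed_groups: set       # groups this port may receive
    rate_limit_bps: int       # upper limit on multicast traffic carried to this port


@dataclass
class TokenBucket:
    rate_bps: float
    capacity_bits: float
    tokens: float
    last: float

    def allow(self, bits: int, now: float) -> bool:
        # Refill at the configured rate, never beyond the burst capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity_bits, self.tokens + elapsed * self.rate_bps)
        self.last = now
        if self.tokens >= bits:
            self.tokens -= bits
            return True
        return False


@dataclass
class Layer3Switch:
    policies: dict                      # port -> PortPolicy (constructed)
    reverse_paths: dict                 # prefix -> port it is expected on (uRPF table, constructed)
    buckets: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def urpf_ok(self, src: str, in_port: int) -> bool:
        """Strict uRPF: accept only if the longest-matching prefix for src points at in_port."""
        addr = ipaddress.ip_address(src)
        best = None
        for prefix, port in self.reverse_paths.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, port)
        return best is not None and best[1] == in_port

    def admit_client_packet(self, in_port: int, src: str) -> bool:
        """Upstream direction (client -> switch): drop packets whose source is not expected here."""
        ok = self.urpf_ok(src, in_port)
        if not ok:
            self.log.append(f"urpf drop src={src} port={in_port}")
        return ok

    def deliver_multicast(self, port: int, src: str, group: str, size_bytes: int, now: float) -> bool:
        """Downstream direction (server -> client port): source filter, group filter, rate cap."""
        pol = self.policies[port]
        if src not in pol.allowed_sources:
            self.log.append(f"source filter drop src={src} port={port}")
            return False
        if group not in pol.allowed_groups:
            self.log.append(f"group filter drop group={group} port={port}")
            return False
        # One bucket per port, created full with a one-second burst allowance.
        bucket = self.buckets.setdefault(
            port, TokenBucket(pol.rate_limit_bps, pol.rate_limit_bps, pol.rate_limit_bps, now))
        if not bucket.allow(size_bytes * 8, now):
            self.log.append(f"rate limit drop group={group} port={port}")
            return False
        return True
```

The source filter stops a host on a subscriber port from injecting its own stream into the group, 
the group filter keeps a port from receiving groups it is not entitled to, the rate cap bounds 
how much multicast traffic any one port can draw, and the reverse-path check rejects client 
packets whose source address does not belong to the prefix expected on that port, which is what 
defeats the address spoofing the text mentions. 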